| 1 |
On 03/05/2010, at 9:16 PM, Daniel Troeder wrote: |
| 2 |
|
| 3 |
> I haven't set this up on gentoo, only on debian-server with |
| 4 |
> ubuntu-clients... |
| 5 |
> |
| 6 |
> Does NSS work already? Do you see the LDAP users/group after the |
| 7 |
> passwd-users when you run |
| 8 |
> $ getent passwd |
| 9 |
> $ getent group |
| 10 |
> |
| 11 |
|
| 12 |
Both show the correct user and group as defined in the ldap attributes |
| 13 |
|
| 14 |
passwd |
| 15 |
william:*:10000:10000:William Brown,,,,:/home/william:/bin/bash |
| 16 |
|
| 17 |
and group |
| 18 |
login:*:20000:william |
| 19 |
|
| 20 |
> Assuming you have configured /etc/nsswitch.conf: |
| 21 |
> passwd: compat ldap |
| 22 |
> group: compat ldap |
| 23 |
> shadow: compat ldap |
| 24 |
> ("files ldap" is OK too.) |
| 25 |
> |
| 26 |
> As long as that does not work, it doesn't make sense to continue to PAM. |
| 27 |
> |
| 28 |
> Is the password in /etc/ldap.secret OK? Mode should be 400. Try to see |
| 29 |
> if the password for cn=Manager,dc=chocolate,dc=lan in there does have |
| 30 |
> possibly problematic characters. |
| 31 |
|
| 32 |
The password is in there, and it does bind successfully (I accidentally posted the wrong output from slapd, I have been documenting my success / failures to try and piece this together) |
| 33 |
|
| 34 |
slapd starting |
| 35 |
conn=0 fd=10 ACCEPT from IP=127.0.0.1:39936 (IP=0.0.0.0:389) |
| 36 |
conn=0 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" method=128 |
| 37 |
conn=0 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" mech=SIMPLE ssf=0 |
| 38 |
conn=0 op=0 RESULT tag=97 err=0 text= |
| 39 |
connection_input: conn=0 deferring operation: binding |
| 40 |
conn=0 op=1 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))" |
| 41 |
conn=0 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire |
| 42 |
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= |
| 43 |
conn=1 fd=13 ACCEPT from IP=127.0.0.1:23394 (IP=0.0.0.0:389) |
| 44 |
conn=1 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" method=128 |
| 45 |
conn=1 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" mech=SIMPLE ssf=0 |
| 46 |
conn=1 op=0 RESULT tag=97 err=0 text= |
| 47 |
connection_input: conn=1 deferring operation: binding |
| 48 |
conn=1 op=1 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))" |
| 49 |
conn=1 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire |
| 50 |
conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= |
| 51 |
conn=1 op=2 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))" |
| 52 |
conn=1 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire |
| 53 |
conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= |
| 54 |
conn=1 fd=13 closed (connection lost) |
| 55 |
conn=2 fd=13 ACCEPT from IP=127.0.0.1:38351 (IP=0.0.0.0:389) |
| 56 |
conn=2 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" method=128 |
| 57 |
conn=2 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" mech=SIMPLE ssf=0 |
| 58 |
conn=2 op=0 RESULT tag=97 err=0 text= |
| 59 |
connection_input: conn=2 deferring operation: binding |
| 60 |
conn=2 op=1 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))" |
| 61 |
conn=2 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire |
| 62 |
conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= |
| 63 |
conn=2 op=2 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))" |
| 64 |
conn=2 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire |
| 65 |
conn=2 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= |
| 66 |
|
| 67 |
> |
| 68 |
> I need to use nscd on the clients. |
| 69 |
> |
| 70 |
> BTW: I use MDS/MMC (http://mds.mandriva.org/) on all debian servers for |
| 71 |
> User/Samba/DNS/DHCP/Mail management with LDAP. It's really good. |
| 72 |
|
| 73 |
Ill take a look at it, thank you for the hint. |
| 74 |
|
| 75 |
> |
| 76 |
> The most trickiest part of setting up LDAP-clients is always PAM :( |
| 77 |
> Fortunately for debian/ubuntu there are good guides. If you find out how |
| 78 |
> to do it with gentoo, that info would be appreciated (gentoo-wiki?). |
| 79 |
|
| 80 |
I agree, and i most likely will do a write up if i get it to work happily |
| 81 |
|
| 82 |
> |
| 83 |
> Good luck, |
| 84 |
> Daniel |
| 85 |
> |
| 86 |
> -- |
| 87 |
> PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get |
| 88 |
> # gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887 |
| 89 |
> |
| 90 |
|
| 91 |
William |
Archives